2. For each of the following assets, assign a low, moderate or high impact level

Question

2. For each of the following assets, assign a low, moderate or high impact level for the loss of confidentiality, availability and integrity, respectively. Justify your answer. a. An organization managing public data on its web server. b. A l law enforcement agency managing extremely sensitive investigative information. A financial organization managing routine administrative information not privacy related information) d. A information system used for large acquisitions in a contracting organization contain both sensitive, pre-solicitation phase contract information and routine administrative information. Assess the impact for the two data sets separately and the information system as a whole.

Explanation / Answer

a)

Best example for this is yearly calendar on organization website.

Security Aspect

Level of Impact

Justification

Confidentiality

Low

There is no confidentiality information in this as this is already a public information. So no secret in that.

Availability

Low

If this public info is very important but not available, employee may go for other methods for getting information may be calling helpdesk.

Integrity

Medium

The information should be corrective and completeness always. Because any wrong info provided then outcome gives wrong results.

b)

Good example for this is criminal records at police department which have confidential info.

Security Aspect

Level of Impact

Justification

Confidentiality

High

The confidentiality of the information is very high and protected. Ex: Police department maintain these criminal records at high confidential and secrecy.

Availability

High

Availability of this kind of information is not possible. If this info available then criminals will find escape plans.

Integrity

High

Integrity, completeness and correctness of the info is not so easy. If modifications done criminals can be escaped and innocent guy will be punished.

c)

Good example for this is team calculates daily profits of an organization and gives this information to its customers and stakeholders.

Security Aspect

Level of Impact

Justification

Confidentiality

Low

The confidentiality of the information is low as this is not a privacy based information. If the data lost also no problem because this confidential information at low level.

Availability

High

Loss of this kind of data will be at high level because if machine shutdowns completely then then impact at high level.

Integrity

High

Integrity, completeness and correctness of the info is very important. Financial kind of information should be completeness and more accurate.

d)

Contract information: Confidentiality=Medium, Integrity=Medium, Availability=Low

Administrative information: Confidentiality= Low, Integrity= Low, Availability=Low

Acquisition System: Confidentiality=Medium, Integrity=Medium, Availability=Low

Security Aspect

Level of Impact

Justification

Confidentiality

Low

There is no confidentiality information in this as this is already a public information. So no secret in that.

Availability

Low

If this public info is very important but not available, employee may go for other methods for getting information may be calling helpdesk.

Integrity

Medium

The information should be corrective and completeness always. Because any wrong info provided then outcome gives wrong results.

Related Questions

Navigate

• Browse (All)
• Browse 2
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.